CVE-2020-36941

Sažetak

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.

Reference

https://github.com/guelfoweb/knock
https://www.exploit-db.com/exploits/49342
https://www.vulncheck.com/advisories/knockpy-csv-injection
https://github.com/guelfoweb/knock

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-03-2026 - 21:24

Objavljeno

27-01-2026 - 16:16